On Tue, 2013-02-12 at 16:48 -0800, H. Peter Anvin wrote:
> OK... what none of this gets into:
>
> Why should CAP_RAWIO be allowed on a secure boot system, when there are
> 2^n known ways of compromise a system with CAP_RAWIO?
CAP_SYS_RAWIO seems to have ended up being a catchall of "Maybe someone
who isn't entirely root should be able to do this", and not everything
it covers is equivalent to being able to compromise the running kernel.
I wouldn't argue with the idea that maybe we should just reappraise most
of the current uses of CAP_SYS_RAWIO, but removing capability checks
from places that currently have them seems like an invitation for
userspace breakage.
��.n��������+%�������w��{.n�����{����*�jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
